Heads up to anyone considering using this: the author wrote their own crypto code[1]. I would recommend against using this until that is fixed... I've already spotted a few vulnerabilities.<p>[1] <a href="https://github.com/FedericoCeratto/owefs/blob/master/pycryptoenc.py" rel="nofollow">https://github.com/FedericoCeratto/owefs/blob/master/pycrypt...</a>
This is similar to how Apple's iOS File Data Protection works with "Protected Unless Open": <a href="https://www.apple.com/business/docs/iOS_Security_Guide.pdf" rel="nofollow">https://www.apple.com/business/docs/iOS_Security_Guide.pdf</a><p>> Some files may need to be written while the device is locked. A good example of this is a mail attachment downloading in the background. This behavior is achieved by using asymmetric elliptic curve cryptography (ECDH over Curve25519). The usual per-file key is protected by a key derived using One-Pass Diffie-Hellman Key Agreement as described in NIST SP 800-56A.<p>> The ephemeral public key for the agreement is stored alongside the wrapped per-file key. The KDF is Concatenation Key Derivation Function (Approved Alternative 1) as described in 5.8.1 of NIST SP 800-56A. AlgorithmID is omitted. PartyUInfo and PartyVInfo are the ephemeral and static public keys, respectively. SHA-256 is used as the hashing function. As soon as the file is closed, the per-file key is wiped from memory. To open the file again, the shared secret is re-created using the Protected Unless Open class’s private key and the file’s ephemeral public key; its hash is used to unwrap the per-file key, which is then used to decrypt the file.
Looks useful, although it probably will have problems with all kind of applications that do anything more than just writing new files or directly appending to old ones (e.g. those that add to files by writing the changed version to disk and then swapping it in place -> old, already encrypted parts of the changed file would then be encrypted again)
The inability to edit or append to files is not really a fundamental limitation of this approach - it would just require some more bookkeeping. Reading back data, of course, is (by design) impossible.
Nice. I'd previously written a similar FUSE-based one-way filesystem, but I never did publish it. "Go laziness!"<p>The two applications that caught my eye were "home security cameras" (which the docs allude to) and secure telemetry.<p>You have a device (say, a drone) that logs telemetry data, but if the drone is lost, the data cannot be recovered by a third party without the private key.
I was initially turned off by the title of this thread because 'one-way encryption' generally refers to hashing and not asymmetric encryption. <a href="https://en.wikipedia.org/wiki/Cryptographic_hash_function" rel="nofollow">https://en.wikipedia.org/wiki/Cryptographic_hash_function</a>
Is this essentially the same thing as encrypted loopback filesystems?<p><a href="http://www.techrepublic.com/blog/linux-and-open-source/create-encrypted-loopback-filesystems-on-linux/" rel="nofollow">http://www.techrepublic.com/blog/linux-and-open-source/creat...</a>
asymmetric key encryption is quite cpu intensive comparing to , say AES256.<p>why not use the asymmetric keypair to guard an AES key, and use AES to do the encryption instead, something like what https is doing.